Context-Sensitive and Directional Concurrency Fuzzing for Data-Race Detection

Jiang, Zuming; Bai, Jia-Ju; Lu, Kangjie; Hu, Shi‐Min

doi:10.14722/ndss.2022.24296

Cited by 22 publications

(11 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…By using rule-based generators adapted to a specific Datalog engine, it is straightforward to ensure syntactic correctness. However, as also highlighted by prior work on testing database engines [Jiang et al 2023…”

Section: Test Case Skeletonmentioning

confidence: 91%

“…Therefore, we append rules with a fixed, low probability 𝑃 𝑒𝑚𝑝𝑡 𝑦 to allow for empty results. Incrementally generating rules is beneficial for both considerations, as it enables us to incrementally build complex, valid test cases; the high-level idea is similar to DynSQL[Jiang et al 2023], which was proposed for fuzzing database engines, which, however, considered only test case validity.Last, we combine 𝑟 𝑛 and 𝑃 the new relations, and set the relation in the head of the rule 𝑟 𝑛 as the output relation of 𝑃…”

mentioning

confidence: 99%

See 1 more Smart Citation

Introduction to the Department of Cardiology in Nanjing First Hospital of Nanjing Medical University, China

Zhang

Chen

2020

European Heart Journal

View full text Add to dashboard Cite

Reclosure of ruptured incision after peroral endoscopic myotomy using endoloops and metallic clipsSince Inoue et al. introduced peroral endoscopic myotomy (POEM) into a clinic to treat esophageal achalasia in 2010, the procedure has been carried out in many countries around the world. 1 As more and more POEM is being done, associated technical difficulties and complications may occur. 2 To our knowledge, the present study is the first to report incision rupture after POEM.A 37-year-old man presented to our academic center after experiencing 25 years of dysphagia and 2 months of exacerbation. Barium swallow examination and esophageal manometry diagnosed the patient with type I esophageal achalasia and he agreed to receive POEM.POEM was carried out using the standard technique. After the operation, the patient received routine postoperative care. On the third day after the procedure, the patient had a fever (38.9°C, white blood cell count 18.24 × 10 9 /L, % neutrophils 95.3%) and X-ray showed the absence of several metal clips at the proximal end of the longitudinal incision which revealed the incision rupture.Gastroesophageal endoscopy showed that the middle and proximal parts of the incision was ruptured. It was not possible to reclose the incision with routine clips because of the swollen mucosa around the defect. On endoscopy, an endoloop was inserted and snared the remaining clips in the distal part. In the middle, four clips were anchored onto the defect margins at full thickness and another endoloop was inserted to snare the clips tightly. The same procedure was done in the proximal part (Figs 1,2). After monitoring the patient's condition for several days, he was discharged without any complaints or complications.In the present study, we propose reclosure of a mucosal incision after POEM using conventional endoloops and hemostatic clips. It could reclose the incision regardless of the swollen tissue or the size of the longitudinal incision.

show abstract

Section: Test Case Skeletonmentioning

confidence: 91%

mentioning

confidence: 99%

Introduction to the Department of Cardiology in Nanjing First Hospital of Nanjing Medical University, China

Zhang

Chen

2020

European Heart Journal

View full text Add to dashboard Cite

show abstract

“…First and foremost, a mechanism to force the execution of a large number of different interleaving is required (Interleaving Control). Existing fuzzers like MUZZ [23] and ConAFL [34] manipulate the thread priorities at assembly level, others like Krace [44] inject sleep instruction to force a context switch, while AutoInterfuzzing [42] and Conzzer [45] instrument the code with explicit synchronization barriers or thread locks. Alternatively, the interleaving exploration can be left to the natural nondeterminism of the operating system like in ConFuzz [43].…”

Section: Gray-box Fuzzingmentioning

confidence: 99%

“…Conzzer [45] improves upon the ideas of AutoInterfuzzing. More specifically, the instruction pairs are obtained at runtime and contain information about the execution trace.…”

Section: B Fuzzingmentioning

confidence: 99%

Combining BMC and Fuzzing Techniques for Finding Software Vulnerabilities in Concurrent Programs

et al. 2022

View full text Add to dashboard Cite

Finding software vulnerabilities in concurrent programs is a challenging task due to the size of the state-space exploration, as the number of interleavings grows exponentially with the number of program threads and statements. We propose and evaluate EBF (Ensembles of Bounded Model Checking with Fuzzing) -a technique that combines Bounded Model Checking (BMC) and Gray-Box Fuzzing (GBF) to find software vulnerabilities in concurrent programs. Since there are no publicly-available GBF tools for concurrent code, we first propose OpenGBF -a new open-source concurrency-aware gray-box fuzzer that explores different thread schedules by instrumenting the code under test with random delays. Then, we build an ensemble of a BMC tool and OpenGBF in the following way. On the one hand, when the BMC tool in the ensemble returns a counterexample, we use it as a seed for OpenGBF, thus increasing the likelihood of executing paths guarded by complex mathematical expressions. On the other hand, we aggregate the outcomes of the BMC and GBF tools in the ensemble using a decision matrix, thus improving the accuracy of EBF. We evaluate EBF against state-of-the-art pure BMC tools and show that it can generate up to 14.9% more correct verification witnesses than the corresponding BMC tools alone. Furthermore, we demonstrate the efficacy of OpenGBF, by showing that it can find 24.2% of the vulnerabilities in our evaluation suite, while non-concurrency-aware GBF tools can only find 0.55%. Finally, thanks to our concurrency-aware OpenGBF, EBF detects a data race in the open-source wolfMqtt library and reproduces known bugs in several other real-world programs, which demonstrates its effectiveness in finding vulnerabilities in realworld software.

show abstract

“…However, previous works have not studied how to detect violations of consistency models well when they actually occur. One line of previous works either leverages random testing approaches like fuzzing methods [8][9][10][11][12][13]. However, fuzzing cannot systematically explore the state space of SUTs; therefore, it may miss some bugs.…”

Section: Introductionmentioning

confidence: 99%

VConMC: Enabling Consistency Verification for Distributed Systems Using Implementation-Level Model Checkers and Consistency Oracles

Kim

2024

Electronics

View full text Add to dashboard Cite

Many cloud services are relying on distributed key-value stores such as ZooKeeper, Cassandra, HBase, etc. However, distributed key-value stores are notoriously difficult to design and implement without any mistakes. Because data consistency is the contract for clients that defines what the correct values to read are for a given history of operations under a specific consistency model, consistency violations can confuse client applications by showing invalid values. As a result, serious consequences such as data loss, data corruption, and unexpected behavior of client applications can occur. Software bugs are one of main reasons why consistency violations may occur. Formal verification techniques may be used to make designs correct and minimize the risks of having bugs in the implementation. However, formal verification is not a panacea due to limitations such as the cost of verification, inability to verify existing implementations, and human errors involved. Implementation-level model checking has been heavily explored by researchers for the past decades to formally verify whether the underlying implementation of distributed systems have bugs or not. Nevertheless, previous proposals are limited because their invariant checking is not versatile enough to check for the wide spectrum of consistency models, from eventual consistency to strong consistency. In this work, consistency oracles are employed for consistency invariant checking that can be used by implementation-level model checkers to formally verify data consistency model implementations of distributed key-value stores. To integrate consistency oracles with implementation-level distributed system model checkers, the partial-order information obtained via API is leveraged to avoid the exhaustive search during consistency invariant checking. Our evaluation results show that, by using the proposed method for consistency invariant checking, our prototype model checker, VConMC, can detect consistency violations caused by several real-world software bugs in a well-known distributed key-value store, ZooKeeper.

show abstract

Context-Sensitive and Directional Concurrency Fuzzing for Data-Race Detection

Cited by 22 publications

References 0 publications

Introduction to the Department of Cardiology in Nanjing First Hospital of Nanjing Medical University, China

Introduction to the Department of Cardiology in Nanjing First Hospital of Nanjing Medical University, China

Combining BMC and Fuzzing Techniques for Finding Software Vulnerabilities in Concurrent Programs

VConMC: Enabling Consistency Verification for Distributed Systems Using Implementation-Level Model Checkers and Consistency Oracles

Contact Info

Product

Resources

About